Event linked to alert or unlinked from an alert

Event field name

Field value

DeviceAction

link event to alert or unlink event from alert

EventOutcome

succeeded or failed

SourceTranslatedAddress

This field contains the value of the HTTP header x-real-ip or x-forwarded-for. If these headers are absent, the field will be empty.

SourceAddress

The address from which the user logged in. If the user logged in using a proxy, there will be a proxy address.

SourcePort

Port from which the user logged in. If the user logged in using a proxy, there will be a port on the proxy side.

SourceUserName

User name of the user that linked or unlinked the event.

SourceUserID

ID of the user that linked or unlinked the event.

ExternalID

Alert ID.

Name

Alert name.

DeviceFacility

Event action: link or unlink.

DeviceCustomString1

ID of the event that was linked or unlinked.

DeviceCustomString2Label

event ID

Message

If EventOutcome = failed, an error message can be found here.

DeviceCustomString5

Tenant ID.

DeviceCustomString5Label

tenant ID

DeviceCustomString6

Tenant name.

DeviceCustomString6Label

tenant name

Page top